From 06fcb7bc228d4b324de3e5b0ad79bd12e8b57efe Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 2 Apr 2021 12:20:38 +0200 Subject: [PATCH 1/9] CVE-2021-23192 rpc: Give dcerpc_util.c its own header Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 (cherry picked from commit 8945d99758d8bedd374f1c51304b87a6cf10498c) --- librpc/rpc/dcerpc_util.c | 1 + librpc/rpc/dcerpc_util.h | 103 ++++++++++++++++++++ librpc/rpc/dcesrv_auth.c | 1 + librpc/rpc/dcesrv_core.c | 1 + librpc/rpc/dcesrv_reply.c | 1 + librpc/rpc/rpc_common.h | 74 -------------- source3/librpc/rpc/dcerpc_helpers.c | 1 + source3/rpc_client/cli_pipe.c | 1 + source3/rpc_client/rpc_transport_np.c | 1 + source3/rpc_server/rpc_ncacn_np.c | 1 + source4/librpc/rpc/dcerpc.c | 1 + source4/librpc/rpc/dcerpc_roh_channel_out.c | 1 + 12 files changed, 113 insertions(+), 74 deletions(-) create mode 100644 librpc/rpc/dcerpc_util.h diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c index 42e8e6110193..925fb70ad7c5 100644 --- a/librpc/rpc/dcerpc_util.c +++ b/librpc/rpc/dcerpc_util.c @@ -25,6 +25,7 @@ #include "lib/tsocket/tsocket.h" #include "lib/util/tevent_ntstatus.h" #include "librpc/rpc/dcerpc.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "rpc_common.h" #include "lib/util/bitmap.h" diff --git a/librpc/rpc/dcerpc_util.h b/librpc/rpc/dcerpc_util.h new file mode 100644 index 000000000000..0ecaf428c3c9 --- /dev/null +++ b/librpc/rpc/dcerpc_util.h @@ -0,0 +1,103 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Stefan Metzmacher 2010-2011 + Copyright (C) Andrew Tridgell 2010-2011 + Copyright (C) Simo Sorce 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef __LIBRPC_RPC_DCERPC_UTIL_H__ +#define __LIBRPC_RPC_DCERPC_UTIL_H__ + +#include "replace.h" +#include +#include "lib/util/data_blob.h" +#include "librpc/rpc/rpc_common.h" +#include "librpc/gen_ndr/dcerpc.h" + +void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v); +uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob); +void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v); +uint16_t dcerpc_get_auth_length(const DATA_BLOB *blob); +uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob); +uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob); +uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob); +uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob); +const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx, + enum dcerpc_transport_t transport, + const struct ndr_interface_table *table); + +NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx, + const DATA_BLOB *blob, + struct ncacn_packet *r); + +/** +* @brief Pull a dcerpc_auth structure, taking account of any auth +* padding in the blob. For request/response packets we pass +* the whole data blob, so auth_data_only must be set to false +* as the blob contains data+pad+auth and no just pad+auth. +* +* @param pkt - The ncacn_packet strcuture +* @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements +* @param pkt_trailer - The packet trailer data, usually the trailing +* auth_info blob, but in the request/response case +* this is the stub_and_verifier blob. +* @param auth - A preallocated dcerpc_auth *empty* structure +* @param auth_length - The length of the auth trail, sum of auth header +* lenght and pkt->auth_length +* @param auth_data_only - Whether the pkt_trailer includes only the auth_blob +* (+ padding) or also other data. +* +* @return - A NTSTATUS error code. +*/ +NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *pkt_trailer, + struct dcerpc_auth *auth, + uint32_t *auth_length, + bool auth_data_only); +NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, + enum dcerpc_pkt_type ptype, + size_t max_auth_info, + uint8_t required_flags, + uint8_t optional_flags); +NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, + struct gensec_security *gensec, + TALLOC_CTX *mem_ctx, + enum dcerpc_pkt_type ptype, + uint8_t required_flags, + uint8_t optional_flags, + uint8_t payload_offset, + DATA_BLOB *payload_and_verifier, + DATA_BLOB *raw_packet, + const struct ncacn_packet *pkt); +NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, + struct gensec_security *gensec, + TALLOC_CTX *mem_ctx, + DATA_BLOB *raw_packet, + size_t sig_size, + uint8_t payload_offset, + const DATA_BLOB *payload, + const struct ncacn_packet *pkt); +struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct tstream_context *stream); +NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + struct ncacn_packet **pkt, + DATA_BLOB *buffer); + +#endif diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c index 8ac90f2a2bd9..f7919ebf5755 100644 --- a/librpc/rpc/dcesrv_auth.c +++ b/librpc/rpc/dcesrv_auth.c @@ -23,6 +23,7 @@ #include "includes.h" #include "librpc/rpc/dcesrv_core.h" #include "librpc/rpc/dcesrv_core_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index 06f6c4b23822..74730f22c7cc 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -24,6 +24,7 @@ #include "includes.h" #include "librpc/rpc/dcesrv_core.h" #include "librpc/rpc/dcesrv_core_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/auth.h" #include "auth/gensec/gensec.h" #include "lib/util/dlinklist.h" diff --git a/librpc/rpc/dcesrv_reply.c b/librpc/rpc/dcesrv_reply.c index 96bd98f53e10..5b4429956e75 100644 --- a/librpc/rpc/dcesrv_reply.c +++ b/librpc/rpc/dcesrv_reply.c @@ -23,6 +23,7 @@ #include "includes.h" #include "librpc/rpc/dcesrv_core.h" #include "librpc/rpc/dcesrv_core_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "auth/gensec/gensec.h" #include "lib/util/dlinklist.h" #include "param/param.h" diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h index 82fe2eb7e80c..55a35f31096c 100644 --- a/librpc/rpc/rpc_common.h +++ b/librpc/rpc/rpc_common.h @@ -165,80 +165,6 @@ const char *derpc_transport_string_by_transport(enum dcerpc_transport_t t); enum dcerpc_transport_t dcerpc_transport_by_name(const char *name); enum dcerpc_transport_t dcerpc_transport_by_tower(const struct epm_tower *tower); -/* The following definitions come from ../librpc/rpc/dcerpc_util.c */ - -void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v); -uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob); -void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v); -uint16_t dcerpc_get_auth_length(const DATA_BLOB *blob); -uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob); -uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob); -uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob); -uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob); -const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx, - enum dcerpc_transport_t transport, - const struct ndr_interface_table *table); - -NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx, - const DATA_BLOB *blob, - struct ncacn_packet *r); - -/** -* @brief Pull a dcerpc_auth structure, taking account of any auth -* padding in the blob. For request/response packets we pass -* the whole data blob, so auth_data_only must be set to false -* as the blob contains data+pad+auth and no just pad+auth. -* -* @param pkt - The ncacn_packet strcuture -* @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements -* @param pkt_trailer - The packet trailer data, usually the trailing -* auth_info blob, but in the request/response case -* this is the stub_and_verifier blob. -* @param auth - A preallocated dcerpc_auth *empty* structure -* @param auth_length - The length of the auth trail, sum of auth header -* lenght and pkt->auth_length -* @param auth_data_only - Whether the pkt_trailer includes only the auth_blob -* (+ padding) or also other data. -* -* @return - A NTSTATUS error code. -*/ -NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, - TALLOC_CTX *mem_ctx, - const DATA_BLOB *pkt_trailer, - struct dcerpc_auth *auth, - uint32_t *auth_length, - bool auth_data_only); -NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, - enum dcerpc_pkt_type ptype, - size_t max_auth_info, - uint8_t required_flags, - uint8_t optional_flags); -NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, - struct gensec_security *gensec, - TALLOC_CTX *mem_ctx, - enum dcerpc_pkt_type ptype, - uint8_t required_flags, - uint8_t optional_flags, - uint8_t payload_offset, - DATA_BLOB *payload_and_verifier, - DATA_BLOB *raw_packet, - const struct ncacn_packet *pkt); -NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, - struct gensec_security *gensec, - TALLOC_CTX *mem_ctx, - DATA_BLOB *raw_packet, - size_t sig_size, - uint8_t payload_offset, - const DATA_BLOB *payload, - const struct ncacn_packet *pkt); -struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct tstream_context *stream); -NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, - TALLOC_CTX *mem_ctx, - struct ncacn_packet **pkt, - DATA_BLOB *buffer); - /* The following definitions come from ../librpc/rpc/binding_handle.c */ struct dcerpc_binding_handle_ops { diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index 1f67987561cd..c609efd5b077 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -20,6 +20,7 @@ #include "includes.h" #include "librpc/rpc/dcerpc.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "librpc/crypto/gse.h" #include "auth/gensec/gensec.h" diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 8f52acadec87..3d16f1092dba 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -30,6 +30,7 @@ #include "librpc/gen_ndr/ndr_dcerpc.h" #include "librpc/gen_ndr/ndr_netlogon_c.h" #include "librpc/rpc/dcerpc.h" +#include "librpc/rpc/dcerpc_util.h" #include "rpc_dce.h" #include "cli_pipe.h" #include "libsmb/libsmb.h" diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c index 9dc5c5634fc0..b24023661ffd 100644 --- a/source3/rpc_client/rpc_transport_np.c +++ b/source3/rpc_client/rpc_transport_np.c @@ -19,6 +19,7 @@ #include "includes.h" #include "../lib/util/tevent_ntstatus.h" +#include "librpc/rpc/dcerpc_util.h" #include "rpc_client/rpc_transport.h" #include "librpc/ndr/ndr_table.h" #include "libcli/smb/smbXcli_base.h" diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c index 494b002e714e..a874a2376d11 100644 --- a/source3/rpc_server/rpc_ncacn_np.c +++ b/source3/rpc_server/rpc_ncacn_np.c @@ -37,6 +37,7 @@ #include "rpc_server/rpc_config.h" #include "librpc/ndr/ndr_table.h" #include "rpc_server/rpc_server.h" +#include "librpc/rpc/dcerpc_util.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 87a99a8df89e..f97263dcc5b0 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -26,6 +26,7 @@ #include "lib/events/events.h" #include "librpc/rpc/dcerpc.h" #include "librpc/rpc/dcerpc_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/gensec/gensec.h" diff --git a/source4/librpc/rpc/dcerpc_roh_channel_out.c b/source4/librpc/rpc/dcerpc_roh_channel_out.c index e431689d4198..2abafb0bab5f 100644 --- a/source4/librpc/rpc/dcerpc_roh_channel_out.c +++ b/source4/librpc/rpc/dcerpc_roh_channel_out.c @@ -37,6 +37,7 @@ #include "librpc/rpc/dcerpc.h" #include "librpc/rpc/dcerpc_roh.h" #include "librpc/rpc/dcerpc_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "libcli/http/http.h" struct roh_request_state { -- 2.25.1 From b2e08358dfe53de191bc54f15c1399992740fe0c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 2 Apr 2021 13:41:21 +0200 Subject: [PATCH 2/9] CVE-2021-23192 librpc: Remove the gensec dependency from library dcerpc-binding This means yet another library, but having to depend on gensec just for dcerpc_parse_binding() and basic packet parsing seems like a bit overkill to me. Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Apr 6 23:33:14 UTC 2021 on sn-devel-184 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 (cherry picked from commit 4d3b6506d30e4bf302f832493dad00a83b73d370) --- libcli/auth/wscript_build | 10 +- librpc/rpc/dcerpc_pkt_auth.c | 497 +++++++++++++++++++++++++++++++++++ librpc/rpc/dcerpc_pkt_auth.h | 58 ++++ librpc/rpc/dcerpc_util.c | 464 -------------------------------- librpc/rpc/dcerpc_util.h | 18 -- librpc/rpc/dcesrv_auth.c | 1 + librpc/wscript_build | 25 +- source3/wscript_build | 8 +- source4/librpc/rpc/dcerpc.c | 1 + source4/librpc/wscript_build | 21 +- 10 files changed, 613 insertions(+), 490 deletions(-) create mode 100644 librpc/rpc/dcerpc_pkt_auth.c create mode 100644 librpc/rpc/dcerpc_pkt_auth.h diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build index 2a6a7468e457..24ab68fac1e3 100644 --- a/libcli/auth/wscript_build +++ b/libcli/auth/wscript_build @@ -30,7 +30,15 @@ bld.SAMBA_SUBSYSTEM('COMMON_SCHANNEL', bld.SAMBA_SUBSYSTEM('NETLOGON_CREDS_CLI', source='netlogon_creds_cli.c', - deps='dbwrap util_tdb tevent-util samba-hostconfig RPC_NDR_NETLOGON NDR_NETLOGON' + deps=''' + dbwrap + util_tdb + tevent-util + samba-hostconfig + gensec + RPC_NDR_NETLOGON + NDR_NETLOGON + ''' ) bld.SAMBA_SUBSYSTEM('PAM_ERRORS', diff --git a/librpc/rpc/dcerpc_pkt_auth.c b/librpc/rpc/dcerpc_pkt_auth.c new file mode 100644 index 000000000000..322d7497893c --- /dev/null +++ b/librpc/rpc/dcerpc_pkt_auth.c @@ -0,0 +1,497 @@ +/* + Unix SMB/CIFS implementation. + raw dcerpc operations + + Copyright (C) Andrew Tridgell 2003-2005 + Copyright (C) Jelmer Vernooij 2004-2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "replace.h" +#include "system/network.h" +#include +#include "lib/util/talloc_stack.h" +#include "lib/util/debug.h" +#include "lib/util/byteorder.h" +#include "lib/util/samba_util.h" +#include "librpc/rpc/dcerpc.h" +#include "librpc/rpc/dcerpc_util.h" +#include "librpc/rpc/dcerpc_pkt_auth.h" +#include "librpc/gen_ndr/ndr_dcerpc.h" +#include "rpc_common.h" +#include "lib/util/bitmap.h" +#include "auth/gensec/gensec.h" +#include "lib/util/mkdir_p.h" +#include "lib/crypto/gnutls_helpers.h" +#include + +NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, + struct gensec_security *gensec, + TALLOC_CTX *mem_ctx, + enum dcerpc_pkt_type ptype, + uint8_t required_flags, + uint8_t optional_flags, + uint8_t payload_offset, + DATA_BLOB *payload_and_verifier, + DATA_BLOB *raw_packet, + const struct ncacn_packet *pkt) +{ + NTSTATUS status; + struct dcerpc_auth auth; + uint32_t auth_length; + + if (auth_state == NULL) { + return NT_STATUS_INTERNAL_ERROR; + } + + status = dcerpc_verify_ncacn_packet_header(pkt, ptype, + payload_and_verifier->length, + required_flags, optional_flags); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + switch (auth_state->auth_level) { + case DCERPC_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PACKET: + break; + + case DCERPC_AUTH_LEVEL_CONNECT: + if (pkt->auth_length != 0) { + break; + } + return NT_STATUS_OK; + case DCERPC_AUTH_LEVEL_NONE: + if (pkt->auth_length != 0) { + return NT_STATUS_ACCESS_DENIED; + } + return NT_STATUS_OK; + + default: + return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL; + } + + if (pkt->auth_length == 0) { + return NT_STATUS_RPC_PROTOCOL_ERROR; + } + + if (gensec == NULL) { + return NT_STATUS_INTERNAL_ERROR; + } + + status = dcerpc_pull_auth_trailer(pkt, mem_ctx, + payload_and_verifier, + &auth, &auth_length, false); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (payload_and_verifier->length < auth_length) { + /* + * should be checked in dcerpc_pull_auth_trailer() + */ + return NT_STATUS_INTERNAL_ERROR; + } + + payload_and_verifier->length -= auth_length; + + if (payload_and_verifier->length < auth.auth_pad_length) { + /* + * should be checked in dcerpc_pull_auth_trailer() + */ + return NT_STATUS_INTERNAL_ERROR; + } + + if (auth.auth_type != auth_state->auth_type) { + return NT_STATUS_ACCESS_DENIED; + } + + if (auth.auth_level != auth_state->auth_level) { + return NT_STATUS_ACCESS_DENIED; + } + + if (auth.auth_context_id != auth_state->auth_context_id) { + return NT_STATUS_ACCESS_DENIED; + } + + /* check signature or unseal the packet */ + switch (auth_state->auth_level) { + case DCERPC_AUTH_LEVEL_PRIVACY: + status = gensec_unseal_packet(gensec, + raw_packet->data + payload_offset, + payload_and_verifier->length, + raw_packet->data, + raw_packet->length - + auth.credentials.length, + &auth.credentials); + if (!NT_STATUS_IS_OK(status)) { + return NT_STATUS_RPC_SEC_PKG_ERROR; + } + memcpy(payload_and_verifier->data, + raw_packet->data + payload_offset, + payload_and_verifier->length); + break; + + case DCERPC_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PACKET: + status = gensec_check_packet(gensec, + payload_and_verifier->data, + payload_and_verifier->length, + raw_packet->data, + raw_packet->length - + auth.credentials.length, + &auth.credentials); + if (!NT_STATUS_IS_OK(status)) { + return NT_STATUS_RPC_SEC_PKG_ERROR; + } + break; + + case DCERPC_AUTH_LEVEL_CONNECT: + /* for now we ignore possible signatures here */ + break; + + default: + return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL; + } + + /* + * remove the indicated amount of padding + * + * A possible overflow is checked above. + */ + payload_and_verifier->length -= auth.auth_pad_length; + + return NT_STATUS_OK; +} + +NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, + struct gensec_security *gensec, + TALLOC_CTX *mem_ctx, + DATA_BLOB *raw_packet, + size_t sig_size, + uint8_t payload_offset, + const DATA_BLOB *payload, + const struct ncacn_packet *pkt) +{ + TALLOC_CTX *frame = talloc_stackframe(); + NTSTATUS status; + enum ndr_err_code ndr_err; + struct ndr_push *ndr = NULL; + uint32_t payload_length; + uint32_t whole_length; + DATA_BLOB blob = data_blob_null; + DATA_BLOB sig = data_blob_null; + struct dcerpc_auth _out_auth_info; + struct dcerpc_auth *out_auth_info = NULL; + + *raw_packet = data_blob_null; + + if (auth_state == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + + switch (auth_state->auth_level) { + case DCERPC_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PACKET: + if (sig_size == 0) { + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + + if (gensec == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + + _out_auth_info = (struct dcerpc_auth) { + .auth_type = auth_state->auth_type, + .auth_level = auth_state->auth_level, + .auth_context_id = auth_state->auth_context_id, + }; + out_auth_info = &_out_auth_info; + break; + + case DCERPC_AUTH_LEVEL_CONNECT: + /* + * TODO: let the gensec mech decide if it wants to generate a + * signature that might be needed for schannel... + */ + if (sig_size != 0) { + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + + if (gensec == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + break; + + case DCERPC_AUTH_LEVEL_NONE: + if (sig_size != 0) { + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + break; + + default: + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + + ndr = ndr_push_init_ctx(frame); + if (ndr == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } + + ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + TALLOC_FREE(frame); + return ndr_map_error2ntstatus(ndr_err); + } + + if (out_auth_info != NULL) { + /* + * pad to 16 byte multiple in the payload portion of the + * packet. This matches what w2k3 does. Note that we can't use + * ndr_push_align() as that is relative to the start of the + * whole packet, whereas w2k8 wants it relative to the start + * of the stub. + */ + out_auth_info->auth_pad_length = + DCERPC_AUTH_PAD_LENGTH(payload->length); + ndr_err = ndr_push_zero(ndr, out_auth_info->auth_pad_length); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + TALLOC_FREE(frame); + return ndr_map_error2ntstatus(ndr_err); + } + + payload_length = payload->length + + out_auth_info->auth_pad_length; + + ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, + out_auth_info); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + TALLOC_FREE(frame); + return ndr_map_error2ntstatus(ndr_err); + } + + whole_length = ndr->offset; + + ndr_err = ndr_push_zero(ndr, sig_size); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + TALLOC_FREE(frame); + return ndr_map_error2ntstatus(ndr_err); + } + } else { + payload_length = payload->length; + whole_length = ndr->offset; + } + + /* extract the whole packet as a blob */ + blob = ndr_push_blob(ndr); + + /* + * Setup the frag and auth length in the packet buffer. + * This is needed if the GENSEC mech does AEAD signing + * of the packet headers. The signature itself will be + * appended later. + */ + dcerpc_set_frag_length(&blob, blob.length); + dcerpc_set_auth_length(&blob, sig_size); + + /* sign or seal the packet */ + switch (auth_state->auth_level) { + case DCERPC_AUTH_LEVEL_PRIVACY: + status = gensec_seal_packet(gensec, + frame, + blob.data + payload_offset, + payload_length, + blob.data, + whole_length, + &sig); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return status; + } + break; + + case DCERPC_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PACKET: + status = gensec_sign_packet(gensec, + frame, + blob.data + payload_offset, + payload_length, + blob.data, + whole_length, + &sig); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return status; + } + break; + + case DCERPC_AUTH_LEVEL_CONNECT: + case DCERPC_AUTH_LEVEL_NONE: + break; + + default: + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + + if (sig.length != sig_size) { + TALLOC_FREE(frame); + return NT_STATUS_RPC_SEC_PKG_ERROR; + } + + if (sig_size != 0) { + memcpy(blob.data + whole_length, sig.data, sig_size); + } + + *raw_packet = blob; + talloc_steal(mem_ctx, raw_packet->data); + TALLOC_FREE(frame); + return NT_STATUS_OK; +} + +#ifdef DEVELOPER + +/* + * Save valid, well-formed DCE/RPC stubs to use as a seed for + * ndr_fuzz_X + */ +void dcerpc_save_ndr_fuzz_seed(TALLOC_CTX *mem_ctx, + DATA_BLOB raw_blob, + const char *dump_dir, + const char *iface_name, + int flags, + int opnum, + bool ndr64) +{ + char *fname = NULL; + const char *sub_dir = NULL; + TALLOC_CTX *temp_ctx = talloc_new(mem_ctx); + DATA_BLOB blob; + int ret, rc; + uint8_t digest[20]; + DATA_BLOB digest_blob; + char *digest_hex; + uint16_t fuzz_flags = 0; + + /* + * We want to save the 'stub' in a per-pipe subdirectory, with + * the ndr_fuzz_X header 4 byte header. For the sake of + * convenience (this is a developer only function), we mkdir + * -p the sub-directories when they are needed. + */ + + if (dump_dir == NULL) { + return; + } + + temp_ctx = talloc_stackframe(); + + sub_dir = talloc_asprintf(temp_ctx, "%s/%s", + dump_dir, + iface_name); + if (sub_dir == NULL) { + talloc_free(temp_ctx); + return; + } + ret = mkdir_p(sub_dir, 0755); + if (ret && errno != EEXIST) { + DBG_ERR("could not create %s\n", sub_dir); + talloc_free(temp_ctx); + return; + } + + blob.length = raw_blob.length + 4; + blob.data = talloc_array(sub_dir, + uint8_t, + blob.length); + if (blob.data == NULL) { + DBG_ERR("could not allocate for fuzz seeds! (%s)\n", + iface_name); + talloc_free(temp_ctx); + return; + } + + if (ndr64) { + fuzz_flags = 4; + } + if (flags & NDR_IN) { + fuzz_flags |= 1; + } else if (flags & NDR_OUT) { + fuzz_flags |= 2; + } + + SSVAL(blob.data, 0, fuzz_flags); + SSVAL(blob.data, 2, opnum); + + memcpy(&blob.data[4], + raw_blob.data, + raw_blob.length); + + /* + * This matches how oss-fuzz names the corpus input files, due + * to a preference from libFuzzer + */ + rc = gnutls_hash_fast(GNUTLS_DIG_SHA1, + blob.data, + blob.length, + digest); + if (rc < 0) { + /* + * This prints a better error message, eg if SHA1 is + * disabled + */ + NTSTATUS status = gnutls_error_to_ntstatus(rc, + NT_STATUS_HASH_NOT_SUPPORTED); + DBG_ERR("Failed to generate SHA1 to save fuzz seed: %s", + nt_errstr(status)); + talloc_free(temp_ctx); + return; + } + + digest_blob.data = digest; + digest_blob.length = sizeof(digest); + digest_hex = data_blob_hex_string_lower(temp_ctx, &digest_blob); + + fname = talloc_asprintf(temp_ctx, "%s/%s", + sub_dir, + digest_hex); + if (fname == NULL) { + talloc_free(temp_ctx); + return; + } + + /* + * If this fails, it is most likely because that file already + * exists. This is fine, it means we already have this + * sample + */ + file_save(fname, + blob.data, + blob.length); + + talloc_free(temp_ctx); +} + +#endif /*if DEVELOPER, enveloping _dcesrv_save_ndr_fuzz_seed() */ diff --git a/librpc/rpc/dcerpc_pkt_auth.h b/librpc/rpc/dcerpc_pkt_auth.h new file mode 100644 index 000000000000..c0d23b91c057 --- /dev/null +++ b/librpc/rpc/dcerpc_pkt_auth.h @@ -0,0 +1,58 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Stefan Metzmacher 2010-2011 + Copyright (C) Andrew Tridgell 2010-2011 + Copyright (C) Simo Sorce 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef __LIBRPC_RPC_DCERPC_PKT_AUTH_H__ +#define __LIBRPC_RPC_DCERPC_PKT_AUTH_H__ + +#include "replace.h" +#include +#include "lib/util/data_blob.h" +#include "libcli/util/ntstatus.h" +#include "librpc/rpc/rpc_common.h" +#include "librpc/gen_ndr/dcerpc.h" + +NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, + struct gensec_security *gensec, + TALLOC_CTX *mem_ctx, + enum dcerpc_pkt_type ptype, + uint8_t required_flags, + uint8_t optional_flags, + uint8_t payload_offset, + DATA_BLOB *payload_and_verifier, + DATA_BLOB *raw_packet, + const struct ncacn_packet *pkt); +NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, + struct gensec_security *gensec, + TALLOC_CTX *mem_ctx, + DATA_BLOB *raw_packet, + size_t sig_size, + uint8_t payload_offset, + const DATA_BLOB *payload, + const struct ncacn_packet *pkt); +struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct tstream_context *stream); +NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + struct ncacn_packet **pkt, + DATA_BLOB *buffer); + +#endif diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c index 925fb70ad7c5..c878a2af0947 100644 --- a/librpc/rpc/dcerpc_util.c +++ b/librpc/rpc/dcerpc_util.c @@ -29,10 +29,6 @@ #include "librpc/gen_ndr/ndr_dcerpc.h" #include "rpc_common.h" #include "lib/util/bitmap.h" -#include "auth/gensec/gensec.h" -#include "lib/util/mkdir_p.h" -#include "lib/crypto/gnutls_helpers.h" -#include #undef strncasecmp @@ -486,340 +482,6 @@ NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, return NT_STATUS_OK; } -NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, - struct gensec_security *gensec, - TALLOC_CTX *mem_ctx, - enum dcerpc_pkt_type ptype, - uint8_t required_flags, - uint8_t optional_flags, - uint8_t payload_offset, - DATA_BLOB *payload_and_verifier, - DATA_BLOB *raw_packet, - const struct ncacn_packet *pkt) -{ - NTSTATUS status; - struct dcerpc_auth auth; - uint32_t auth_length; - - if (auth_state == NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - - status = dcerpc_verify_ncacn_packet_header(pkt, ptype, - payload_and_verifier->length, - required_flags, optional_flags); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - switch (auth_state->auth_level) { - case DCERPC_AUTH_LEVEL_PRIVACY: - case DCERPC_AUTH_LEVEL_INTEGRITY: - case DCERPC_AUTH_LEVEL_PACKET: - break; - - case DCERPC_AUTH_LEVEL_CONNECT: - if (pkt->auth_length != 0) { - break; - } - return NT_STATUS_OK; - case DCERPC_AUTH_LEVEL_NONE: - if (pkt->auth_length != 0) { - return NT_STATUS_ACCESS_DENIED; - } - return NT_STATUS_OK; - - default: - return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL; - } - - if (pkt->auth_length == 0) { - return NT_STATUS_RPC_PROTOCOL_ERROR; - } - - if (gensec == NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - - status = dcerpc_pull_auth_trailer(pkt, mem_ctx, - payload_and_verifier, - &auth, &auth_length, false); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - if (payload_and_verifier->length < auth_length) { - /* - * should be checked in dcerpc_pull_auth_trailer() - */ - return NT_STATUS_INTERNAL_ERROR; - } - - payload_and_verifier->length -= auth_length; - - if (payload_and_verifier->length < auth.auth_pad_length) { - /* - * should be checked in dcerpc_pull_auth_trailer() - */ - return NT_STATUS_INTERNAL_ERROR; - } - - if (auth.auth_type != auth_state->auth_type) { - return NT_STATUS_ACCESS_DENIED; - } - - if (auth.auth_level != auth_state->auth_level) { - return NT_STATUS_ACCESS_DENIED; - } - - if (auth.auth_context_id != auth_state->auth_context_id) { - return NT_STATUS_ACCESS_DENIED; - } - - /* check signature or unseal the packet */ - switch (auth_state->auth_level) { - case DCERPC_AUTH_LEVEL_PRIVACY: - status = gensec_unseal_packet(gensec, - raw_packet->data + payload_offset, - payload_and_verifier->length, - raw_packet->data, - raw_packet->length - - auth.credentials.length, - &auth.credentials); - if (!NT_STATUS_IS_OK(status)) { - return NT_STATUS_RPC_SEC_PKG_ERROR; - } - memcpy(payload_and_verifier->data, - raw_packet->data + payload_offset, - payload_and_verifier->length); - break; - - case DCERPC_AUTH_LEVEL_INTEGRITY: - case DCERPC_AUTH_LEVEL_PACKET: - status = gensec_check_packet(gensec, - payload_and_verifier->data, - payload_and_verifier->length, - raw_packet->data, - raw_packet->length - - auth.credentials.length, - &auth.credentials); - if (!NT_STATUS_IS_OK(status)) { - return NT_STATUS_RPC_SEC_PKG_ERROR; - } - break; - - case DCERPC_AUTH_LEVEL_CONNECT: - /* for now we ignore possible signatures here */ - break; - - default: - return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL; - } - - /* - * remove the indicated amount of padding - * - * A possible overflow is checked above. - */ - payload_and_verifier->length -= auth.auth_pad_length; - - return NT_STATUS_OK; -} - -NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, - struct gensec_security *gensec, - TALLOC_CTX *mem_ctx, - DATA_BLOB *raw_packet, - size_t sig_size, - uint8_t payload_offset, - const DATA_BLOB *payload, - const struct ncacn_packet *pkt) -{ - TALLOC_CTX *frame = talloc_stackframe(); - NTSTATUS status; - enum ndr_err_code ndr_err; - struct ndr_push *ndr = NULL; - uint32_t payload_length; - uint32_t whole_length; - DATA_BLOB blob = data_blob_null; - DATA_BLOB sig = data_blob_null; - struct dcerpc_auth _out_auth_info; - struct dcerpc_auth *out_auth_info = NULL; - - *raw_packet = data_blob_null; - - if (auth_state == NULL) { - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - - switch (auth_state->auth_level) { - case DCERPC_AUTH_LEVEL_PRIVACY: - case DCERPC_AUTH_LEVEL_INTEGRITY: - case DCERPC_AUTH_LEVEL_PACKET: - if (sig_size == 0) { - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - - if (gensec == NULL) { - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - - _out_auth_info = (struct dcerpc_auth) { - .auth_type = auth_state->auth_type, - .auth_level = auth_state->auth_level, - .auth_context_id = auth_state->auth_context_id, - }; - out_auth_info = &_out_auth_info; - break; - - case DCERPC_AUTH_LEVEL_CONNECT: - /* - * TODO: let the gensec mech decide if it wants to generate a - * signature that might be needed for schannel... - */ - if (sig_size != 0) { - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - - if (gensec == NULL) { - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - break; - - case DCERPC_AUTH_LEVEL_NONE: - if (sig_size != 0) { - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - break; - - default: - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - - ndr = ndr_push_init_ctx(frame); - if (ndr == NULL) { - TALLOC_FREE(frame); - return NT_STATUS_NO_MEMORY; - } - - ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - TALLOC_FREE(frame); - return ndr_map_error2ntstatus(ndr_err); - } - - if (out_auth_info != NULL) { - /* - * pad to 16 byte multiple in the payload portion of the - * packet. This matches what w2k3 does. Note that we can't use - * ndr_push_align() as that is relative to the start of the - * whole packet, whereas w2k8 wants it relative to the start - * of the stub. - */ - out_auth_info->auth_pad_length = - DCERPC_AUTH_PAD_LENGTH(payload->length); - ndr_err = ndr_push_zero(ndr, out_auth_info->auth_pad_length); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - TALLOC_FREE(frame); - return ndr_map_error2ntstatus(ndr_err); - } - - payload_length = payload->length + - out_auth_info->auth_pad_length; - - ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, - out_auth_info); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - TALLOC_FREE(frame); - return ndr_map_error2ntstatus(ndr_err); - } - - whole_length = ndr->offset; - - ndr_err = ndr_push_zero(ndr, sig_size); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - TALLOC_FREE(frame); - return ndr_map_error2ntstatus(ndr_err); - } - } else { - payload_length = payload->length; - whole_length = ndr->offset; - } - - /* extract the whole packet as a blob */ - blob = ndr_push_blob(ndr); - - /* - * Setup the frag and auth length in the packet buffer. - * This is needed if the GENSEC mech does AEAD signing - * of the packet headers. The signature itself will be - * appended later. - */ - dcerpc_set_frag_length(&blob, blob.length); - dcerpc_set_auth_length(&blob, sig_size); - - /* sign or seal the packet */ - switch (auth_state->auth_level) { - case DCERPC_AUTH_LEVEL_PRIVACY: - status = gensec_seal_packet(gensec, - frame, - blob.data + payload_offset, - payload_length, - blob.data, - whole_length, - &sig); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(frame); - return status; - } - break; - - case DCERPC_AUTH_LEVEL_INTEGRITY: - case DCERPC_AUTH_LEVEL_PACKET: - status = gensec_sign_packet(gensec, - frame, - blob.data + payload_offset, - payload_length, - blob.data, - whole_length, - &sig); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(frame); - return status; - } - break; - - case DCERPC_AUTH_LEVEL_CONNECT: - case DCERPC_AUTH_LEVEL_NONE: - break; - - default: - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - - if (sig.length != sig_size) { - TALLOC_FREE(frame); - return NT_STATUS_RPC_SEC_PKG_ERROR; - } - - if (sig_size != 0) { - memcpy(blob.data + whole_length, sig.data, sig_size); - } - - *raw_packet = blob; - talloc_steal(mem_ctx, raw_packet->data); - TALLOC_FREE(frame); - return NT_STATUS_OK; -} - struct dcerpc_read_ncacn_packet_state { #if 0 struct { @@ -1474,129 +1136,3 @@ void dcerpc_log_packet(const char *packet_log_dir, free(name); } } - - -#ifdef DEVELOPER - -/* - * Save valid, well-formed DCE/RPC stubs to use as a seed for - * ndr_fuzz_X - */ -void dcerpc_save_ndr_fuzz_seed(TALLOC_CTX *mem_ctx, - DATA_BLOB raw_blob, - const char *dump_dir, - const char *iface_name, - int flags, - int opnum, - bool ndr64) -{ - char *fname = NULL; - const char *sub_dir = NULL; - TALLOC_CTX *temp_ctx = talloc_new(mem_ctx); - DATA_BLOB blob; - int ret, rc; - uint8_t digest[20]; - DATA_BLOB digest_blob; - char *digest_hex; - uint16_t fuzz_flags = 0; - - /* - * We want to save the 'stub' in a per-pipe subdirectory, with - * the ndr_fuzz_X header 4 byte header. For the sake of - * convenience (this is a developer only function), we mkdir - * -p the sub-directories when they are needed. - */ - - if (dump_dir == NULL) { - return; - } - - temp_ctx = talloc_stackframe(); - - sub_dir = talloc_asprintf(temp_ctx, "%s/%s", - dump_dir, - iface_name); - if (sub_dir == NULL) { - talloc_free(temp_ctx); - return; - } - ret = mkdir_p(sub_dir, 0755); - if (ret && errno != EEXIST) { - DBG_ERR("could not create %s\n", sub_dir); - talloc_free(temp_ctx); - return; - } - - blob.length = raw_blob.length + 4; - blob.data = talloc_array(sub_dir, - uint8_t, - blob.length); - if (blob.data == NULL) { - DBG_ERR("could not allocate for fuzz seeds! (%s)\n", - iface_name); - talloc_free(temp_ctx); - return; - } - - if (ndr64) { - fuzz_flags = 4; - } - if (flags & NDR_IN) { - fuzz_flags |= 1; - } else if (flags & NDR_OUT) { - fuzz_flags |= 2; - } - - SSVAL(blob.data, 0, fuzz_flags); - SSVAL(blob.data, 2, opnum); - - memcpy(&blob.data[4], - raw_blob.data, - raw_blob.length); - - /* - * This matches how oss-fuzz names the corpus input files, due - * to a preference from libFuzzer - */ - rc = gnutls_hash_fast(GNUTLS_DIG_SHA1, - blob.data, - blob.length, - digest); - if (rc < 0) { - /* - * This prints a better error message, eg if SHA1 is - * disabled - */ - NTSTATUS status = gnutls_error_to_ntstatus(rc, - NT_STATUS_HASH_NOT_SUPPORTED); - DBG_ERR("Failed to generate SHA1 to save fuzz seed: %s", - nt_errstr(status)); - talloc_free(temp_ctx); - return; - } - - digest_blob.data = digest; - digest_blob.length = sizeof(digest); - digest_hex = data_blob_hex_string_lower(temp_ctx, &digest_blob); - - fname = talloc_asprintf(temp_ctx, "%s/%s", - sub_dir, - digest_hex); - if (fname == NULL) { - talloc_free(temp_ctx); - return; - } - - /* - * If this fails, it is most likely because that file already - * exists. This is fine, it means we already have this - * sample - */ - file_save(fname, - blob.data, - blob.length); - - talloc_free(temp_ctx); -} - -#endif /*if DEVELOPER, enveloping _dcesrv_save_ndr_fuzz_seed() */ diff --git a/librpc/rpc/dcerpc_util.h b/librpc/rpc/dcerpc_util.h index 0ecaf428c3c9..a9bc7bd38320 100644 --- a/librpc/rpc/dcerpc_util.h +++ b/librpc/rpc/dcerpc_util.h @@ -74,24 +74,6 @@ NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, size_t max_auth_info, uint8_t required_flags, uint8_t optional_flags); -NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, - struct gensec_security *gensec, - TALLOC_CTX *mem_ctx, - enum dcerpc_pkt_type ptype, - uint8_t required_flags, - uint8_t optional_flags, - uint8_t payload_offset, - DATA_BLOB *payload_and_verifier, - DATA_BLOB *raw_packet, - const struct ncacn_packet *pkt); -NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, - struct gensec_security *gensec, - TALLOC_CTX *mem_ctx, - DATA_BLOB *raw_packet, - size_t sig_size, - uint8_t payload_offset, - const DATA_BLOB *payload, - const struct ncacn_packet *pkt); struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct tstream_context *stream); diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c index f7919ebf5755..8dda86d88e2c 100644 --- a/librpc/rpc/dcesrv_auth.c +++ b/librpc/rpc/dcesrv_auth.c @@ -24,6 +24,7 @@ #include "librpc/rpc/dcesrv_core.h" #include "librpc/rpc/dcesrv_core_proto.h" #include "librpc/rpc/dcerpc_util.h" +#include "librpc/rpc/dcerpc_pkt_auth.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" diff --git a/librpc/wscript_build b/librpc/wscript_build index e4632d538a48..59d6c31363d8 100644 --- a/librpc/wscript_build +++ b/librpc/wscript_build @@ -655,12 +655,24 @@ bld.SAMBA_LIBRARY('ndr', ) bld.SAMBA_LIBRARY('dcerpc-binding', - source='rpc/dcerpc_error.c rpc/binding.c rpc/dcerpc_util.c rpc/binding_handle.c', - deps='ndr tevent NDR_DCERPC LIBTSOCKET tevent-util gensec', + source=''' + rpc/dcerpc_error.c + rpc/binding.c + rpc/dcerpc_util.c + rpc/binding_handle.c + ''', + deps='ndr tevent NDR_DCERPC LIBTSOCKET tevent-util', pc_files=[], public_headers='rpc/rpc_common.h', vnum='0.0.1') +bld.SAMBA_LIBRARY('dcerpc-pkt-auth', + private_library=True, + source=''' + rpc/dcerpc_pkt_auth.c + ''', + deps='dcerpc-binding gensec') + bld.SAMBA_LIBRARY('dcerpc-server-core', source=''' rpc/dcesrv_core.c @@ -669,7 +681,14 @@ bld.SAMBA_LIBRARY('dcerpc-server-core', rpc/dcesrv_reply.c rpc/dcesrv_handles.c ''', - deps='ndr dcerpc-binding samba-util-core gnutls GNUTLS_HELPERS', + deps=''' + ndr + dcerpc-binding + samba-util-core + gnutls + GNUTLS_HELPERS + dcerpc-pkt-auth + ''', pc_files=[], public_headers='rpc/dcesrv_core.h', autoproto='rpc/dcesrv_core_proto.h', diff --git a/source3/wscript_build b/source3/wscript_build index 5d04fcb41d10..a143477a5064 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -1034,9 +1034,11 @@ bld.SAMBA3_LIBRARY('cli_spoolss', rpc_client/init_spoolss.c ''', deps=''' - RPC_NDR_SPOOLSS - smbconf - secrets3''', + RPC_NDR_SPOOLSS + smbconf + secrets3 + gensec + ''', private_library=True) bld.SAMBA3_SUBSYSTEM('LIBCLI_WINREG', diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index f97263dcc5b0..4847e8a02004 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -27,6 +27,7 @@ #include "librpc/rpc/dcerpc.h" #include "librpc/rpc/dcerpc_proto.h" #include "librpc/rpc/dcerpc_util.h" +#include "librpc/rpc/dcerpc_pkt_auth.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/gensec/gensec.h" diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build index ea9c4853d7aa..511008d919d1 100644 --- a/source4/librpc/wscript_build +++ b/source4/librpc/wscript_build @@ -157,7 +157,26 @@ bld.SAMBA_LIBRARY('dcerpc', rpc/dcerpc_roh_channel_in.c rpc/dcerpc_roh_channel_out.c rpc/dcerpc_roh.c rpc/dcerpc_connect.c rpc/dcerpc_secondary.c''', pc_files='dcerpc.pc', - deps='samba_socket LIBCLI_RESOLVE LIBCLI_SMB LIBCLI_SMB2 ndr NDR_DCERPC RPC_NDR_EPMAPPER NDR_SCHANNEL RPC_NDR_NETLOGON RPC_NDR_MGMT gensec LIBCLI_AUTH smbclient-raw LP_RESOLVE tevent-util dcerpc-binding param_options http', + deps=''' + samba_socket + LIBCLI_RESOLVE + LIBCLI_SMB + LIBCLI_SMB2 + ndr + NDR_DCERPC + RPC_NDR_EPMAPPER + NDR_SCHANNEL + RPC_NDR_NETLOGON + RPC_NDR_MGMT + gensec + LIBCLI_AUTH + smbclient-raw + LP_RESOLVE + tevent-util + dcerpc-binding + dcerpc-pkt-auth + param_options + http''', autoproto='rpc/dcerpc_proto.h', public_deps='samba-credentials tevent talloc', public_headers='''rpc/dcerpc.h''', -- 2.25.1 From cfa7cdabeb2cfb6112ad5bd64167b9deb0508127 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 13 Nov 2020 11:25:41 +0100 Subject: [PATCH 3/9] CVE-2021-23192: dcesrv_core: add better debugging to dcesrv_fault_disconnect() It's better to see the location that triggered the fault. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- librpc/rpc/dcesrv_core.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index 74730f22c7cc..0c2d83b4b174 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -705,19 +705,38 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason) return NT_STATUS_OK; } -static NTSTATUS dcesrv_fault_disconnect(struct dcesrv_call_state *call, - uint32_t fault_code) +static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call, + uint32_t fault_code, + uint8_t extra_flags, + const char *func, + const char *location) { + const char *reason = NULL; + + reason = talloc_asprintf(call, "%s:%s: fault=%u (%s) flags=0x%x", + func, location, + fault_code, + dcerpc_errstr(call, fault_code), + extra_flags); + if (reason == NULL) { + reason = location; + } + /* * We add the call to the pending_call_list * in order to defer the termination. */ - dcesrv_call_disconnect_after(call, "dcesrv_fault_disconnect"); - return dcesrv_fault_with_flags(call, fault_code, - DCERPC_PFC_FLAG_DID_NOT_EXECUTE); + dcesrv_call_disconnect_after(call, reason); + + return dcesrv_fault_with_flags(call, fault_code, extra_flags); } +#define dcesrv_fault_disconnect(call, fault_code) \ + _dcesrv_fault_disconnect_flags(call, fault_code, \ + DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \ + __func__, __location__) + static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c) { DLIST_REMOVE(c->conn->contexts, c); -- 2.25.1 From c726e2619478ed256db8b7c03c0747215fb0cea2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 13 Nov 2020 11:27:19 +0100 Subject: [PATCH 4/9] CVE-2021-23192: dcesrv_core: add dcesrv_fault_disconnect0() that skips DCERPC_PFC_FLAG_DID_NOT_EXECUTE That makes the callers much simpler and allow better debugging. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- librpc/rpc/dcesrv_core.c | 47 ++++++++++++++-------------------------- 1 file changed, 16 insertions(+), 31 deletions(-) diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index 0c2d83b4b174..ffaa9019d4b8 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -736,6 +736,9 @@ static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call, _dcesrv_fault_disconnect_flags(call, fault_code, \ DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \ __func__, __location__) +#define dcesrv_fault_disconnect0(call, fault_code) \ + _dcesrv_fault_disconnect_flags(call, fault_code, 0, \ + __func__, __location__) static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c) { @@ -2097,10 +2100,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * Note that we don't check against the negotiated * max_recv_frag, but a hard coded value. */ - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - frag_length too large"); - return dcesrv_fault(call, - DCERPC_NCA_S_PROTO_ERROR); + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) { @@ -2110,10 +2110,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * if DCERPC_PFC_FLAG_CONC_MPX was negotiated. */ if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - " - "existing pending call without CONN_MPX"); - return dcesrv_fault(call, + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } } @@ -2131,10 +2128,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, TALLOC_FREE(call); call = dce_conn->incoming_fragmented_call_list; } - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - " - "existing fragmented call"); - return dcesrv_fault(call, + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) { @@ -2155,10 +2149,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, existing = dcesrv_find_fragmented_call(dce_conn, call->pkt.call_id); if (existing == NULL) { - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - " - "no existing fragmented call"); - return dcesrv_fault(call, + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } er = &existing->pkt.u.request; @@ -2211,12 +2202,10 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * here, because we don't want to set * DCERPC_PFC_FLAG_DID_NOT_EXECUTE */ - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - failed"); if (call->fault_code == 0) { call->fault_code = DCERPC_FAULT_ACCESS_DENIED; } - return dcesrv_fault(call, call->fault_code); + return dcesrv_fault_disconnect0(call, call->fault_code); } } @@ -2233,20 +2222,17 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, */ available = dce_conn->max_total_request_size; if (er->stub_and_verifier.length > available) { - dcesrv_call_disconnect_after(existing, - "dcesrv_auth_request - existing payload too large"); - return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); + return dcesrv_fault_disconnect0(existing, + DCERPC_FAULT_ACCESS_DENIED); } available -= er->stub_and_verifier.length; if (nr->alloc_hint > available) { - dcesrv_call_disconnect_after(existing, - "dcesrv_auth_request - alloc hint too large"); - return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); + return dcesrv_fault_disconnect0(existing, + DCERPC_FAULT_ACCESS_DENIED); } if (nr->stub_and_verifier.length > available) { - dcesrv_call_disconnect_after(existing, - "dcesrv_auth_request - new payload too large"); - return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); + return dcesrv_fault_disconnect0(existing, + DCERPC_FAULT_ACCESS_DENIED); } alloc_hint = er->stub_and_verifier.length + nr->alloc_hint; /* allocate at least 1 byte */ @@ -2285,9 +2271,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * Up to 4 MByte are allowed by all fragments */ if (call->pkt.u.request.alloc_hint > dce_conn->max_total_request_size) { - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - initial alloc hint too large"); - return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED); + return dcesrv_fault_disconnect0(call, + DCERPC_FAULT_ACCESS_DENIED); } dcesrv_call_set_list(call, DCESRV_LIST_FRAGMENTED_CALL_LIST); return NT_STATUS_OK; -- 2.25.1 From 26ad4998b952375707d24bb9fee7e89b6f0b87b4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 11 Nov 2020 16:59:06 +0100 Subject: [PATCH 5/9] CVE-2021-23192: python/tests/dcerpc: change assertNotEquals() into assertNotEqual() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- python/samba/tests/dcerpc/raw_protocol.py | 288 +++++++++++----------- python/samba/tests/dcerpc/raw_testcase.py | 14 +- 2 files changed, 151 insertions(+), 151 deletions(-) diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py index dc13d41c6a25..cbd398d52907 100755 --- a/python/samba/tests/dcerpc/raw_protocol.py +++ b/python/samba/tests/dcerpc/raw_protocol.py @@ -65,7 +65,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=rep_pfc_flags, auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -86,7 +86,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -108,7 +108,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -128,7 +128,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=rep_pfc_flags, auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertEqual(rep.u.secondary_address, "") self.assertPadding(rep.u._pad1, 2) @@ -149,7 +149,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -396,7 +396,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -469,7 +469,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -489,7 +489,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -521,7 +521,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -541,7 +541,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -562,7 +562,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, ctx1.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -589,7 +589,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -609,7 +609,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -630,7 +630,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -646,7 +646,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -705,7 +705,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -732,7 +732,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -765,7 +765,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -794,7 +794,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -826,7 +826,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -855,7 +855,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -876,7 +876,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, ctx1a.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -902,7 +902,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -928,7 +928,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -947,7 +947,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -966,7 +966,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -985,7 +985,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1004,7 +1004,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -1023,7 +1023,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1049,7 +1049,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1073,7 +1073,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1085,7 +1085,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1109,7 +1109,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1122,7 +1122,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1134,7 +1134,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1158,7 +1158,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1171,7 +1171,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1197,7 +1197,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1221,7 +1221,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1233,7 +1233,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1257,7 +1257,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1282,7 +1282,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1318,7 +1318,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1352,7 +1352,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1424,7 +1424,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1459,7 +1459,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1494,7 +1494,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1617,7 +1617,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1638,7 +1638,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1658,7 +1658,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -1708,7 +1708,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, rep_both) self.assertEqual(rep.u.max_recv_frag, rep_both) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1760,7 +1760,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu(ndr_print=True, hexdump=True) self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1775,7 +1775,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1791,7 +1791,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -1866,7 +1866,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1888,7 +1888,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1902,7 +1902,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1916,7 +1916,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1994,7 +1994,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2014,7 +2014,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2036,7 +2036,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2052,7 +2052,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2098,7 +2098,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2128,7 +2128,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2195,7 +2195,7 @@ class TestDCERPC_BIND(RawDCERPCTest): dcerpc.DCERPC_PFC_FLAG_LAST | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2243,7 +2243,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2277,7 +2277,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2313,7 +2313,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2341,7 +2341,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2376,7 +2376,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2390,7 +2390,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2415,7 +2415,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2450,7 +2450,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2464,7 +2464,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2503,7 +2503,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2517,7 +2517,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2552,7 +2552,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req1.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2600,7 +2600,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2650,7 +2650,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -2660,7 +2660,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2691,7 +2691,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2707,7 +2707,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2727,7 +2727,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2747,7 +2747,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2805,7 +2805,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -2815,7 +2815,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2846,7 +2846,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2868,7 +2868,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2926,7 +2926,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) assoc_group_id = rep.u.assoc_group_id self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) @@ -2937,7 +2937,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2961,7 +2961,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3009,7 +3009,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3019,7 +3019,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3047,7 +3047,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3098,7 +3098,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3108,7 +3108,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3137,7 +3137,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3153,7 +3153,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -3173,7 +3173,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -3205,7 +3205,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3256,7 +3256,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3266,7 +3266,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3295,7 +3295,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3311,7 +3311,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -3331,7 +3331,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -3362,7 +3362,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3409,7 +3409,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3419,7 +3419,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3440,7 +3440,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3493,7 +3493,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3503,7 +3503,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3524,7 +3524,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3579,7 +3579,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3589,7 +3589,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3611,7 +3611,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3659,7 +3659,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3669,7 +3669,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3691,7 +3691,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3746,7 +3746,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3756,7 +3756,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3778,7 +3778,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3833,7 +3833,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3843,7 +3843,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3865,7 +3865,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3930,7 +3930,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3940,7 +3940,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3984,7 +3984,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -4000,7 +4000,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4020,7 +4020,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4144,7 +4144,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -4154,7 +4154,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -4191,7 +4191,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -4256,7 +4256,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -4266,7 +4266,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -4295,7 +4295,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4315,7 +4315,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4375,7 +4375,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -4385,7 +4385,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -4406,7 +4406,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -4521,7 +4521,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, pfc_flags=req.pfc_flags | response_fault_flags, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, ctx1.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -4688,7 +4688,7 @@ class TestDCERPC_BIND(RawDCERPCTest): (rep, rep_blob) = self.recv_pdu_raw() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=sig_size) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4756,7 +4756,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, ctx1.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -4805,7 +4805,7 @@ class TestDCERPC_BIND(RawDCERPCTest): (rep, rep_blob) = self.recv_pdu_raw() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=sig_size) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4870,7 +4870,7 @@ class TestDCERPC_BIND(RawDCERPCTest): (rep, rep_blob) = self.recv_pdu_raw() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=sig_size) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py index f1c097ebe6d3..ed77d329cd5d 100644 --- a/python/samba/tests/dcerpc/raw_testcase.py +++ b/python/samba/tests/dcerpc/raw_testcase.py @@ -321,7 +321,7 @@ class RawDCERPCTest(TestCase): pfc_flags=req.pfc_flags | samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -361,7 +361,7 @@ class RawDCERPCTest(TestCase): if assoc_group_id != 0: self.assertEqual(rep.u.assoc_group_id, assoc_group_id) else: - self.assertNotEquals(rep.u.assoc_group_id, 0) + self.assertNotEqual(rep.u.assoc_group_id, 0) assoc_group_id = rep.u.assoc_group_id sda_str = self.secondary_address sda_len = len(sda_str) + 1 @@ -385,7 +385,7 @@ class RawDCERPCTest(TestCase): self.assertEqual(rep.auth_length, 0) self.assertEqual(len(rep.u.auth_info), 0) return ack - self.assertNotEquals(rep.auth_length, 0) + self.assertNotEqual(rep.auth_length, 0) self.assertGreater(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) self.assertEqual(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) @@ -426,7 +426,7 @@ class RawDCERPCTest(TestCase): pfc_flags=req.pfc_flags | samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -451,7 +451,7 @@ class RawDCERPCTest(TestCase): if finished: self.assertEqual(rep.auth_length, 0) else: - self.assertNotEquals(rep.auth_length, 0) + self.assertNotEqual(rep.auth_length, 0) self.assertGreaterEqual(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) self.assertEqual(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) @@ -547,7 +547,7 @@ class RawDCERPCTest(TestCase): if fault_status: self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id, pfc_flags=fault_pfc_flags, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, fault_context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -563,7 +563,7 @@ class RawDCERPCTest(TestCase): self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=expected_auth_length) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) -- 2.25.1 From c5477d0fd698275105d39f4518ff761f24e64070 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 17 Nov 2020 09:50:58 +0100 Subject: [PATCH 6/9] CVE-2021-23192: python/tests/dcerpc: let generate_request_auth() use g_auth_level in all places BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- python/samba/tests/dcerpc/raw_testcase.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py index ed77d329cd5d..53f7fa0a2a8a 100644 --- a/python/samba/tests/dcerpc/raw_testcase.py +++ b/python/samba/tests/dcerpc/raw_testcase.py @@ -922,12 +922,12 @@ class RawDCERPCTest(TestCase): req_data = req_blob[ofs_stub:ofs_trailer] req_whole = req_blob[0:ofs_sig] - if auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PRIVACY: + if auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PRIVACY: # TODO: not yet supported here self.assertTrue(False) - elif auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: + elif auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: req_sig = auth_context["gensec"].sign_packet(req_data, req_whole) - elif auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_CONNECT: + elif auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_CONNECT: self.assertEqual(auth_context["auth_type"], dcerpc.DCERPC_AUTH_TYPE_NTLMSSP) req_sig = b"\x01" +b"\x00" *15 -- 2.25.1 From 73761bea88e540c595e02058f28be9d232fcd1f4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 17 Nov 2020 17:43:06 +0100 Subject: [PATCH 7/9] CVE-2021-23192: python/tests/dcerpc: fix do_single_request(send_req=False) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- python/samba/tests/dcerpc/raw_testcase.py | 37 ++++++++++++----------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py index 53f7fa0a2a8a..22b56704fa33 100644 --- a/python/samba/tests/dcerpc/raw_testcase.py +++ b/python/samba/tests/dcerpc/raw_testcase.py @@ -526,26 +526,25 @@ class RawDCERPCTest(TestCase): if hexdump: sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in))) - pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST - pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST - if object is not None: - pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID - - req = self.generate_request_auth(call_id=call_id, - context_id=ctx.context_id, - pfc_flags=pfc_flags, - object=object, - opnum=io.opnum(), - stub=stub_in, - auth_context=auth_context) - if send_req: + pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST + pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST + if object is not None: + pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID + + req = self.generate_request_auth(call_id=call_id, + context_id=ctx.context_id, + pfc_flags=pfc_flags, + object=object, + opnum=io.opnum(), + stub=stub_in, + auth_context=auth_context) self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) if recv_rep: (rep, rep_blob) = self.recv_pdu_raw(timeout=timeout, ndr_print=ndr_print, hexdump=hexdump) if fault_status: - self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id, + self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, call_id, pfc_flags=fault_pfc_flags, auth_length=0) self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, fault_context_id) @@ -559,12 +558,16 @@ class RawDCERPCTest(TestCase): expected_auth_length = 0 if auth_context is not None and \ auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: - expected_auth_length = req.auth_length + if send_req: + expected_auth_length = req.auth_length + else: + expected_auth_length = rep.auth_length + - self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id, + self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, call_id, auth_length=expected_auth_length) self.assertNotEqual(rep.u.alloc_hint, 0) - self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) + self.assertEqual(rep.u.context_id, ctx.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) stub_out = self.check_response_auth(rep, rep_blob, auth_context) -- 2.25.1 From 438fe8250d00b47a978a10b72b61beea0dadb86e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 17 Nov 2020 18:14:46 +0100 Subject: [PATCH 8/9] CVE-2021-23192: python/tests/dcerpc: add tests to check how security contexts relate to fragmented requests BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- python/samba/tests/dcerpc/raw_protocol.py | 1273 +++++++++++++++++++++ selftest/knownfail.d/dcerpc-auth-fraq | 20 + 2 files changed, 1293 insertions(+) create mode 100644 selftest/knownfail.d/dcerpc-auth-fraq diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py index cbd398d52907..3c9d0b136a54 100755 --- a/python/samba/tests/dcerpc/raw_protocol.py +++ b/python/samba/tests/dcerpc/raw_protocol.py @@ -1683,6 +1683,1279 @@ class TestDCERPC_BIND(RawDCERPCTest): def test_auth_none_packet_request(self): return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_PACKET) + def test_ntlmssp_multi_auth_first1_lastSame2(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR + auth_context_2nd = 2 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastNext2(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 2 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastSame111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = None + auth_context_2nd = 1 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastNext111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastNext111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastSameNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastSameNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastNextNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastNextNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastSameNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastSameNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastNextNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastNextNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def _test_generic_auth_first_2nd(self, + auth_type, + pfc_flags_2nd, + expected_fault, + auth_context_2nd=2, + skip_first=False, + expected_call_id=None, + expected_context_id=None, + conc_mpx=False, + not_executed=False, + forced_call_id=None, + forced_context_id=None, + forced_opnum=None, + forced_auth_context_id=None, + forced_auth_type=None, + forced_auth_level=None): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + auth_level1 = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY + auth_context_id1=1 + auth_level2 = dcerpc.DCERPC_AUTH_LEVEL_PACKET + auth_context_id2=2 + + creds = self.get_user_creds() + + abstract = samba.dcerpc.mgmt.abstract_syntax() + transfer = base.transfer_syntax_ndr() + + tsf1_list = [transfer] + ctx = samba.dcerpc.dcerpc.ctx_list() + ctx.context_id = 1 + ctx.num_transfer_syntaxes = len(tsf1_list) + ctx.abstract_syntax = abstract + ctx.transfer_syntaxes = tsf1_list + + auth_context1 = self.get_auth_context_creds(creds=creds, + auth_type=auth_type, + auth_level=auth_level1, + auth_context_id=auth_context_id1, + hdr_signing=False) + auth_context2 = self.get_auth_context_creds(creds=creds, + auth_type=auth_type, + auth_level=auth_level2, + auth_context_id=auth_context_id2, + hdr_signing=False) + + bind_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST + if conc_mpx: + bind_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_CONC_MPX + + ack0 = self.do_generic_bind(call_id=0, + ctx=ctx, + pfc_flags=bind_pfc_flags) + + ack1 = self.do_generic_bind(call_id=1, + ctx=ctx, + auth_context=auth_context1, + assoc_group_id = ack0.u.assoc_group_id, + start_with_alter=True) + if auth_context_2nd == 2: + ack2 = self.do_generic_bind(call_id=2, + ctx=ctx, + auth_context=auth_context2, + assoc_group_id = ack0.u.assoc_group_id, + start_with_alter=True) + + ndr_print = self.do_ndr_print + hexdump = self.do_hexdump + inq_if_ids = samba.dcerpc.mgmt.inq_if_ids() + io = inq_if_ids + if ndr_print: + sys.stderr.write("in: %s" % samba.ndr.ndr_print_in(io)) + stub_in = samba.ndr.ndr_pack_in(io) + stub_in += b'\xfe'*45 # add some padding in order to have some payload + if hexdump: + sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in))) + + call_id = 3 + context_id = ctx.context_id + opnum = io.opnum() + + if not skip_first: + pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST + stub_in_tmp = stub_in[0:16] + req = self.generate_request_auth(call_id=call_id, + context_id=context_id, + pfc_flags=pfc_flags, + opnum=opnum, + alloc_hint=len(stub_in), + stub=stub_in_tmp, + auth_context=auth_context1) + self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) + rep = self.recv_pdu(timeout=0.01) + self.assertIsNone(rep) + self.assertIsConnected() + + # context_id, opnum and auth header values are completely ignored + if auth_context_2nd == 1: + auth_context_copy = auth_context1.copy() + elif auth_context_2nd == 2: + auth_context_copy = auth_context2.copy() + else: + auth_context_copy = None + + expected_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST + if expected_context_id is None: + expected_context_id = context_id + if expected_call_id is None: + expected_call_id = call_id + if not_executed: + expected_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE + + if forced_call_id is not None: + call_id = forced_call_id + if forced_context_id is not None: + context_id = forced_context_id + if forced_opnum is not None: + opnum = forced_opnum + if forced_auth_context_id is not None: + auth_context_copy["auth_context_id"] = forced_auth_context_id + if forced_auth_type is not None: + auth_context_copy["auth_type"] = forced_auth_type + if forced_auth_level is not None: + auth_context_copy["auth_level"] = forced_auth_level + + pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST + stub_in_tmp = stub_in[16:-1] + req = self.generate_request_auth(call_id=call_id, + context_id=context_id, + pfc_flags=pfc_flags_2nd, + opnum=opnum, + alloc_hint=len(stub_in_tmp), + stub=stub_in_tmp, + auth_context=auth_context_copy) + self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) + if expected_fault is None: + self.do_single_request(call_id=3, ctx=ctx, io=io, send_req=False, auth_context=auth_context1) + return + rep = self.recv_pdu() + self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, expected_call_id, + pfc_flags=expected_pfc_flags, + auth_length=0) + self.assertNotEqual(rep.u.alloc_hint, 0) + self.assertEqual(rep.u.context_id, expected_context_id) + self.assertEqual(rep.u.cancel_count, 0) + self.assertEqual(rep.u.flags, 0) + self.assertEqual(rep.u.status, expected_fault) + self.assertEqual(rep.u.reserved, 0) + self.assertEqual(len(rep.u.error_and_verifier), 0) + + if not_executed: + # still alive + rep = self.recv_pdu(timeout=0.01) + self.assertIsNone(rep) + self.assertIsConnected() + return + + # wait for a disconnect + rep = self.recv_pdu() + self.assertIsNone(rep) + self.assertNotConnected() + + def _test_generic_auth_first_last(self, + auth_type, + expected_fault, + auth_context_2nd=2, + expected_call_id=None, + expected_context_id=None, + conc_mpx=False, + not_executed=False, + forced_call_id=None, + forced_context_id=None, + forced_opnum=None, + forced_auth_context_id=None, + forced_auth_type=None, + forced_auth_level=None): + pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST + return self._test_generic_auth_first_2nd(auth_type, + pfc_flags_2nd, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def _test_generic_auth_first_first(self, + auth_type, + expected_fault, + auth_context_2nd=2, + expected_call_id=None, + expected_context_id=None, + conc_mpx=False, + not_executed=False, + forced_call_id=None, + forced_context_id=None, + forced_opnum=None, + forced_auth_context_id=None, + forced_auth_type=None, + forced_auth_level=None): + pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST + return self._test_generic_auth_first_2nd(auth_type, + pfc_flags_2nd, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstSame2(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR + auth_context_2nd = 2 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstNext2(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 2 + expected_call_id = 3 + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstSame111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstSame111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstNext111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = 3 + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstNext111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstSameNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstSameNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstNextNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstNextNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstSameNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstSameNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstNextNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstNextNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def _test_generic_auth_middle(self, + auth_type, + expected_fault, + expected_context_id=None, + not_executed=False, + conc_mpx=False, + forced_context_id=None, + forced_opnum=None, + forced_auth_context_id=None, + forced_auth_type=None, + forced_auth_level=None): + auth_context_2nd = 1 + skip_first = True + pfc_flags_2nd = 0 + expected_call_id = None + forced_call_id = None + return self._test_generic_auth_first_2nd(auth_type, + pfc_flags_2nd, + expected_fault, + auth_context_2nd=auth_context_2nd, + skip_first=skip_first, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_alone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_alone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_all_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_all_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_UNKNOWN_IF + expected_context_id = 0 + not_executed = True + conc_mpx = True + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_auth_all_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_auth_all_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_auth_context_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = None + forced_auth_context_id = 111 + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_auth_context_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = None + forced_auth_context_id = 111 + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_auth_type_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = 111 + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_auth_type_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = 111 + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_auth_level_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_auth_level_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + def _test_neg_xmit_check_values(self, req_xmit=None, req_recv=None, diff --git a/selftest/knownfail.d/dcerpc-auth-fraq b/selftest/knownfail.d/dcerpc-auth-fraq new file mode 100644 index 000000000000..f3c62b65e9e9 --- /dev/null +++ b/selftest/knownfail.d/dcerpc-auth-fraq @@ -0,0 +1,20 @@ +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_all_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_alone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_all_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_context_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_level_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_type_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSame111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_firstSame2 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext2 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame2 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone111 -- 2.25.1 From a51c49253f62e7d21731facd5b05f260f4887da4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 16 Nov 2020 14:15:06 +0100 Subject: [PATCH 9/9] CVE-2021-23192: dcesrv_core: only the first fragment specifies the auth_contexts All other fragments blindly inherit it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- librpc/rpc/dcerpc_pkt_auth.c | 19 +++--- librpc/rpc/dcerpc_pkt_auth.h | 1 + librpc/rpc/dcesrv_auth.c | 28 +++++++++ librpc/rpc/dcesrv_core.c | 86 +++++++++++++++++++++------ selftest/knownfail.d/dcerpc-auth-fraq | 20 ------- source4/librpc/rpc/dcerpc.c | 1 + 6 files changed, 109 insertions(+), 46 deletions(-) delete mode 100644 selftest/knownfail.d/dcerpc-auth-fraq diff --git a/librpc/rpc/dcerpc_pkt_auth.c b/librpc/rpc/dcerpc_pkt_auth.c index 322d7497893c..1cb191468b5d 100644 --- a/librpc/rpc/dcerpc_pkt_auth.c +++ b/librpc/rpc/dcerpc_pkt_auth.c @@ -39,6 +39,7 @@ NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, struct gensec_security *gensec, + bool check_pkt_auth_fields, TALLOC_CTX *mem_ctx, enum dcerpc_pkt_type ptype, uint8_t required_flags, @@ -115,16 +116,18 @@ NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, return NT_STATUS_INTERNAL_ERROR; } - if (auth.auth_type != auth_state->auth_type) { - return NT_STATUS_ACCESS_DENIED; - } + if (check_pkt_auth_fields) { + if (auth.auth_type != auth_state->auth_type) { + return NT_STATUS_ACCESS_DENIED; + } - if (auth.auth_level != auth_state->auth_level) { - return NT_STATUS_ACCESS_DENIED; - } + if (auth.auth_level != auth_state->auth_level) { + return NT_STATUS_ACCESS_DENIED; + } - if (auth.auth_context_id != auth_state->auth_context_id) { - return NT_STATUS_ACCESS_DENIED; + if (auth.auth_context_id != auth_state->auth_context_id) { + return NT_STATUS_ACCESS_DENIED; + } } /* check signature or unseal the packet */ diff --git a/librpc/rpc/dcerpc_pkt_auth.h b/librpc/rpc/dcerpc_pkt_auth.h index c0d23b91c057..1dcee12f53c2 100644 --- a/librpc/rpc/dcerpc_pkt_auth.h +++ b/librpc/rpc/dcerpc_pkt_auth.h @@ -31,6 +31,7 @@ NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, struct gensec_security *gensec, + bool check_pkt_auth_fields, TALLOC_CTX *mem_ctx, enum dcerpc_pkt_type ptype, uint8_t required_flags, diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c index 8dda86d88e2c..9d8df6c42e29 100644 --- a/librpc/rpc/dcesrv_auth.c +++ b/librpc/rpc/dcesrv_auth.c @@ -438,6 +438,10 @@ bool dcesrv_auth_prepare_auth3(struct dcesrv_call_state *call) return false; } + if (auth->auth_invalid) { + return false; + } + /* We can't work without an existing gensec state */ if (auth->gensec_security == NULL) { return false; @@ -524,6 +528,10 @@ bool dcesrv_auth_alter(struct dcesrv_call_state *call) return false; } + if (auth->auth_invalid) { + return false; + } + if (call->in_auth_info.auth_type != auth->auth_type) { return false; } @@ -590,6 +598,7 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call, .auth_level = auth->auth_level, .auth_context_id = auth->auth_context_id, }; + bool check_pkt_auth_fields; NTSTATUS status; if (!auth->auth_started) { @@ -605,8 +614,27 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call, return false; } + if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) { + /* + * The caller most likely checked this + * already, but we better double check. + */ + check_pkt_auth_fields = true; + } else { + /* + * The caller already found first fragment + * and is passing the auth_state of it. + * A server is supposed to use the + * setting of the first fragment and + * completely ignore the values + * on the remaining fragments + */ + check_pkt_auth_fields = false; + } + status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth, auth->gensec_security, + check_pkt_auth_fields, call, pkt->ptype, required_flags, diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index ffaa9019d4b8..0bab4c106410 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -1805,6 +1805,10 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call) struct ndr_pull *pull; NTSTATUS status; + if (auth->auth_invalid) { + return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); + } + if (!auth->auth_finished) { return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); } @@ -1968,6 +1972,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, enum dcerpc_AuthType auth_type = 0; enum dcerpc_AuthLevel auth_level = 0; uint32_t auth_context_id = 0; + bool auth_invalid = false; call = talloc_zero(dce_conn, struct dcesrv_call_state); if (!call) { @@ -1999,12 +2004,16 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, if (call->auth_state == NULL) { struct dcesrv_auth *a = NULL; + bool check_type_level = true; auth_type = dcerpc_get_auth_type(&blob); auth_level = dcerpc_get_auth_level(&blob); auth_context_id = dcerpc_get_auth_context_id(&blob); if (call->pkt.ptype == DCERPC_PKT_REQUEST) { + if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) { + check_type_level = false; + } dce_conn->default_auth_level_connect = NULL; if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) { dce_conn->got_explicit_auth_level_connect = true; @@ -2014,14 +2023,19 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, for (a = dce_conn->auth_states; a != NULL; a = a->next) { num_auth_ctx++; - if (a->auth_type != auth_type) { + if (a->auth_context_id != auth_context_id) { continue; } - if (a->auth_finished && a->auth_level != auth_level) { - continue; + + if (a->auth_type != auth_type) { + auth_invalid = true; } - if (a->auth_context_id != auth_context_id) { - continue; + if (a->auth_level != auth_level) { + auth_invalid = true; + } + + if (check_type_level && auth_invalid) { + a->auth_invalid = true; } DLIST_PROMOTE(dce_conn->auth_states, a); @@ -2048,6 +2062,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, /* * This can never be valid. */ + auth_invalid = true; a->auth_invalid = true; } call->auth_state = a; @@ -2116,6 +2131,18 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, } /* only one request is possible in the fragmented list */ if (dce_conn->incoming_fragmented_call_list != NULL) { + call->fault_code = DCERPC_NCA_S_PROTO_ERROR; + + existing = dcesrv_find_fragmented_call(dce_conn, + call->pkt.call_id); + if (existing != NULL && call->auth_state != existing->auth_state) { + call->context = dcesrv_find_context(call->conn, + call->pkt.u.request.context_id); + + if (call->pkt.auth_length != 0 && existing->context == call->context) { + call->fault_code = DCERPC_FAULT_SEC_PKG_ERROR; + } + } if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { /* * Without DCERPC_PFC_FLAG_CONC_MPX @@ -2125,11 +2152,14 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * This is important to get the * call_id and context_id right. */ + dce_conn->incoming_fragmented_call_list->fault_code = call->fault_code; TALLOC_FREE(call); call = dce_conn->incoming_fragmented_call_list; } - return dcesrv_fault_disconnect0(call, - DCERPC_NCA_S_PROTO_ERROR); + if (existing != NULL) { + call->context = existing->context; + } + return dcesrv_fault_disconnect0(call, call->fault_code); } if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) { return dcesrv_fault_disconnect(call, @@ -2142,17 +2172,43 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, DCERPC_PFC_FLAG_DID_NOT_EXECUTE); } } else { - const struct dcerpc_request *nr = &call->pkt.u.request; - const struct dcerpc_request *er = NULL; int cmp; existing = dcesrv_find_fragmented_call(dce_conn, call->pkt.call_id); if (existing == NULL) { + if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { + /* + * Without DCERPC_PFC_FLAG_CONC_MPX + * we need to return the FAULT on the + * already existing call. + * + * This is important to get the + * call_id and context_id right. + */ + if (dce_conn->incoming_fragmented_call_list != NULL) { + TALLOC_FREE(call); + call = dce_conn->incoming_fragmented_call_list; + } + return dcesrv_fault_disconnect0(call, + DCERPC_NCA_S_PROTO_ERROR); + } + if (dce_conn->incoming_fragmented_call_list != NULL) { + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); + } + call->context = dcesrv_find_context(call->conn, + call->pkt.u.request.context_id); + if (call->context == NULL) { + return dcesrv_fault_with_flags(call, DCERPC_NCA_S_UNKNOWN_IF, + DCERPC_PFC_FLAG_DID_NOT_EXECUTE); + } + if (auth_invalid) { + return dcesrv_fault_disconnect0(call, + DCERPC_FAULT_ACCESS_DENIED); + } return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } - er = &existing->pkt.u.request; if (call->pkt.ptype != existing->pkt.ptype) { /* trying to play silly buggers are we? */ @@ -2165,14 +2221,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, return dcesrv_fault_disconnect(existing, DCERPC_NCA_S_PROTO_ERROR); } - if (nr->context_id != er->context_id) { - return dcesrv_fault_disconnect(existing, - DCERPC_NCA_S_PROTO_ERROR); - } - if (nr->opnum != er->opnum) { - return dcesrv_fault_disconnect(existing, - DCERPC_NCA_S_PROTO_ERROR); - } + call->auth_state = existing->auth_state; + call->context = existing->context; } } diff --git a/selftest/knownfail.d/dcerpc-auth-fraq b/selftest/knownfail.d/dcerpc-auth-fraq deleted file mode 100644 index f3c62b65e9e9..000000000000 --- a/selftest/knownfail.d/dcerpc-auth-fraq +++ /dev/null @@ -1,20 +0,0 @@ -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_all_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_alone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_all_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_context_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_level_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_type_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSame111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_firstSame2 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext2 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame2 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone111 diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 4847e8a02004..baf6df6e498b 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -726,6 +726,7 @@ static NTSTATUS ncacn_pull_pkt_auth(struct dcecli_connection *c, status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth, c->security_state.generic_state, + true, /* check_pkt_auth_fields */ mem_ctx, ptype, required_flags, -- 2.25.1